BluePrint Healthcare IT Information Security

BluePrint Healthcare IT has been a leader in healthcare privacy and security for over a decade. Unlike many other information security companies, we are 100% focused on serving the needs of healthcare providers and business associates. BluePrint was one of the first organizations to publish a comprehensive roadmap for hospitals and health systems to comply with the HIPAA Security rule in 2005. Since that time, BluePrint has worked as a trusted partner with dozens of healthcare systems, medical centers, physician networks, business associates and hospital associations to help protect their healthcare data.

From Mark’s session – next steps you can take to manage medical device risk better

News from the HITRUST Alliance

A major theme we saw throughout the conference and what it means to you

Managing Medical Device Risk

Gartner predicts that, by 2020, 25 percent of all enterprise breaches will involve IoT, including medical devices. And, because medical device manufacturers haven't focused much on security, this mounting challenge lies at the feet of healthcare organizations and their biomedical engineering and IT departments.

Mark and Mike Maksymow, CIO at Beebe Healthcare, discussed the rising need for healthcare organizations to protect themselves. One of the best takeaways from the session was a Next Steps list of actions that you can start on today.

Here are eight ways that you can improve your IoMT security posture:

Know what you have. Create a complete and up-to-date inventory of your medical devices.

MyCSF 2.0 is planned to launch by the end of 2017 or the beginning of 2018, with general access by the end of March 2018.

Their goals for the new portal include:

Cleaner and easier to use interface

Streamlined assessment navigation

Added functionality

Better dashboards

Functionality with iPads and iPhones

Certification Verification

Major Conference Theme – Scoping

Each member of our team attended different sessions and then caught up periodically to weigh in on what we were hearing from the presentations, as well as from the audiences. One persistent theme throughout the conference was the importance of a well-executed scoping exercise when embarking on your HITRUST certification process.

Making sure you have the right guidance on how to scope your organization against the HITRUST CSF is a critical part of any HITRUST Certification initiative. In collaboration with our clients, we create the appropriate “boundary” within the MyCSF administrative factors and details questionnaire to limit scope to the desired business units and supporting technologies of your organization. This questionnaire is a crucial aspect of the process because it correlates directly with the number of controls that apply to your particular organization.

What was surprising to learn was that our HITRUST certification and consulting services differ from those of other assessors. We learned that we do two things that others do not: BluePrint Healthcare IT provides a total fixed-fee pricing model based on a series of scoping questions, and we work side-by-side with you to complete your scoping assessment. It’s these seemingly small but important differences that help our clients take on HITRUST and manage the process successfully.